1.1 “Affiliate” means, with respect to any entity, any other entity Controlling, Controlled by or under common Control with such entity, for only so long as such Control exists;
1.2 “Associated Personnel” means any staff member, independent contractor, agent or the like of the Recipient;
1.3 “Control” means the direct or indirect ownership of more than 50% of the voting capital or similar right of ownership of an entity, or the legal power to direct or cause the direction of the general management and policies of that entity, whether through the ownership of voting capital, by contract or otherwise. Controlled and Controlling shall be construed accordingly;
1.4 “Data Protection Laws and Regulations” means all mandatory laws and regulations, including laws and regulations of RSA, applicable to the Processing of Personal Information, including but not limited to, the POPI Act and any amendment or replacement thereof;
1.5 “Data Subject” means the individual to whom Personal Information relates as defined in section 1 of the POPI Act;
1.7 “Operator” means a person as defined in section 1 of the POPI Act;
1.8 “Personal Information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, as defined in section 1 of the POPI Act;
1.9 “POPI Act” means the Protection of Personal Information Act 4 of 2013 as may be amended from time to time;
1.10 “Processing” means processing as defined in section 1 of the POPI Act;
1.12 “RSA” means the Republic of South Africa;
1.13 “Responsible Party” means the person which determines the purpose and means for which Personal Information is Processed, as defined in section 1 of the POPI Act; and
1.14 “Supervisory Authority” means the Information Regulator as established in RSA, pursuant to the POPI Act.
2. PROCESSING OF PERSONAL INFORMATION
2.1 The Recipient shall comply with Data Protection Laws and Regulations.
2.2 For the avoidance of doubt, Disclosing Party’s instructions to the Recipient for the Processing of Personal Information must comply with Data Protection Laws and Regulations. In addition, Disclosing Party shall have sole responsibility for the accuracy, reliability, integrity, quality, and legality of Personal Information, and the means by which Disclosing Party acquired Personal Information, including providing any required notices to, and obtaining any necessary consent from, its employees, agents or third parties.
2.3 The Recipient will not sell, share, or rent Disclosing Party’s Personal Information to any third party or use Disclosing Party’s phone number for unsolicited messages, without the express consent of the Disclosing Party. Any messages sent by the Recipient will only be pursuant to this Agreement.
2.4 It is expressly stated that the Recipient agrees and warrants:
2.4.1 that the Processing of Personal Information shall be carried out in accordance with the relevant provisions of the Data Protection Laws and Regulations and does not violate the relevant provisions of the POPI Act;
2.4.2 that it shall instruct throughout the duration of the Processing the Recipient to process the Personal Information only on the Disclosing Party's behalf and in accordance with the Data Protection Laws and Regulations; and
2.4.3 that after assessment of the requirements of the Data Protection Laws and Regulations, the security measures are appropriate to protect Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the Processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the Processing and the nature of the Personal Information to be protected having regard to the state of the art and the cost of their implementation.
2.6 The Recipient shall keep the Personal Information of the Disclosing Party confidential and shall only Process Personal Information on behalf of and in accordance with Disclosing Party’s documented and lawful instructions to:
3. SCOPE OF PROCESSING
3.1 Details of the Processing
3.1.1 Nature and Purpose of Processing
The Recipient and Operators will/may Process Personal Information as necessary to:
• perform in terms of our agreement with you (provide you with the Services and access to the Website, including registering for and delivering the Services and related support services);
• operate and manage your account or your relationship with us, including facilitating customer applications;
• monitor and analyse our business to ensure that it is operating properly, for financial management and for business-development purposes;
• contact you by email or other means to inform you about our Services, including for marketing purposes, unless you have opted-out of such communications (direct marketing);
• form a view of you as an individual and to identify, develop or improve the Website and Services that may interest you;
• carry out market research and surveys, business and statistical analysis and necessary audits;
• prevent fraud;
• perform other administrative and operational tasks like testing our processes and systems; monitoring our Website's usability, performance, and effectiveness; improving the experience, usability and content of the Website and ensuring that our security measures are appropriate and adequate; and
• comply with our regulatory, legal or other obligations.
In addition to the above purposes, we may use your Personal Information for other purposes if the law allows for it, if you consent to it, or if it is in the public interest to do so. We will only process your Personal Information for purposes as allowed in terms of POPI.
Failure to provide the Personal Information may mean that the Recipient will be unable to fulfil this purpose, and as such, is mandatory.
3.1.2 Categories of Third Parties
Personal Information may be shared with the following categories of third parties:
• our business partners or third-party service providers and processors in order to provide you with access to the Website and/or Services, such as data storage service providers, third party payment processors, couriers, technicians, etc. in accordance with written agreements with these third parties;
• legal and regulatory authorities, upon their request, or for the purposes of reporting any breach of POPI or other applicable laws;
• accountants, auditors, lawyers and other external professional advisors in terms of written agreements with them;
• any relevant party to the extent necessary for the establishment, exercise or defence of legal rights, criminal offences, threats to public security, etc.;
• any relevant third party if we sell or transfer all or any portion of our business or assets;
• any relevant third-party provider where our Website uses third party advertising, plugins or content; and
• any other third-party service provider that will have access to your information when they provide services to us.
a) Non-Personal Information
Non-personal information is data about usage and service operation that is not directly associated with a specific personal identity. We may collect and analyse non-personal information to evaluate how people use our Website.
We may gather aggregate information, being information that your computer automatically provides to us and that cannot be tied back to you as a specific individual. Examples include referral data (the websites you visited just before and just after our Website), the pages viewed, time spent on our Website, and Internet Protocol (IP) addresses. An IP address is a number that is automatically assigned to your computer whenever you access the Internet. For example, when you request a page from our Website, our servers log your IP address to create aggregate reports on user demographics and traffic patterns and for purposes of system administration.
Every time you request or download a file from our Website, We may store data about these events and your IP address in a log file. We may use this information to analyse trends, administer the Website, track users' movements, and gather broad demographic information for aggregate use or for other business purposes.
Cookies are small files about browsing activity that are stored on a device's web browser by the websites that are visited and are generally used to improve user experience. When you use our Website we automatically receive and record information on our server logs from your browser, such as your location, IP address, general internet usage and Google Analytics information. This is statistical data about browsing actions and patterns. Cookies enable us to improve our Website and Services, estimate our audience size and usage patterns, store information about your preferences, save your password so that you don't need to re-enter it each time you use the Website, and recognise when you return to the Website.
We do not link non-personal information from cookies to Personal Information without your permission.
Our Website may also use web beacons to collect non-personal information about your use of our Website and the websites of selected partners, your use of special promotions or newsletters, and other activities. The information collected by web beacons allows us to statistically monitor how many people are using our Website and the websites of selected partners; how many people open our emails; and for what purposes these actions are being taken. Our web beacons are not used to track your activity outside of our Website or those of our partners. We do not link non-personal information from web beacons to Personal Information without your permission.
b) Personal Information
We use Personal Information to better understand your needs and interests and to provide you with our Service. We may collect the following categories of Personal Information through our relationship with you:
• General personal details: your name and surname or similar information of a legal entity.
• Contact details: your address, contact number, and email address.
• User information: Personal Information included in correspondence, transaction documents, use of the Services or other materials that we process in the course of providing our Website and Services.
• Consent records: records of any consents you have given us in respect of using your Personal Information and any related information, such as the specific details of the consent. We will also record any withdrawals or refusals of consent.
• Text, audio, video or image files
3.1.4 Children's Privacy
We are committed to protecting the privacy of children. We do not intentionally collect information from or about children (persons under the age of 18), and we do not target our Website or Services to children. We will only intentionally process the Personal Information of children where it is necessary for us to provide the Website or Services and with the consent of a parent or guardian of that child where required in terms of POPI.
3.1.5 Links to third-party websites
3.1.6 Collecting your Personal Information
We may collect Personal Information about you from the following sources:
• directly from you when you provide it to us, such as when you sign up to use our Services or the Website, contact us or during our relationship with you;
• from public sources where you have made your Personal Information public, such as on social media;
• from your use of the Services;
• from your use of our Website or use of any features or resources available on or through our Website;
• from third parties when you interact with them through the Website, where they are allowed to share your Personal Information or your interaction with us as a result of the Services or as required of the third parties to share it with us or otherwise if POPI allow us.
4. RIGHTS OF DATA SUBJECTS
4.1 The Disclosing Party shall have the right to:
4.1.1 access and rectify their Personal Information collected by the Recipient. On the request of the Disclosing Party, the Recipient will provide such access as is reasonably practicable and either allow the Disclosing Party to rectify such information themselves or implement any rectifications on behalf of the Disclosing Party;
4.1.2 object to the Processing of their Personal Information if Processing is not:
188.8.131.52 with the Disclosing Party’s consent;
184.108.40.206 protecting their legitimate interests;
220.127.116.11 necessary for the proper performance of a public law duty by a public body; or
4.1.3 object to the Processing of their Personal Information for the purposes of direct marketing other than as allowed by the Data Protection Laws and Regulations; and
4.1.4 lodge a complaint with the Supervisory Authority at complaints.IR@justice.gov.za.
5. ASSOCIATED PERSONNEL
5.1 Confidentiality. The Recipient shall ensure that its Associated Personnel engaged in the Processing of Personal Information are informed of the confidential nature of the Personal Information, have received appropriate training on their responsibilities and have executed written confidentiality agreements or are under general obligations of confidentiality towards the Recipient.
5.2 Reliability. The Recipient shall take commercially reasonable steps to ensure the reliability of the Associated Personnel engaged in the Processing of Personal Information.
5.3 Limitation of Access. The Recipient shall ensure that access to Personal Information is limited to those Associated Personnel of the Recipient directly involved in the fulfilling of the purpose.
6.1 Appointment of Operators. Disclosing Party acknowledges and agrees that:
6.1.1 the Recipient is entitled to retain its Affiliates as Operators; and
6.2.1 undertake due diligence on the Operator; and
6.2.3 Provide Disclosing Party with such information regarding the Operator as Disclosing Party may reasonably require.
7. SECURITY MEASURES, NOTIFICATIONS REGARDING PERSONAL INFORMATION, CERTIFICATIONS AND AUDITS, RECORDS
7.1 Security Measures. Taking into account the state of art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Recipient shall implement appropriate organisational and technical measures towards a level of security, appropriate to the risk (including risks that are presented by Processing, in particular from accidental or unlawful destruction, loss alteration, unauthorised disclosure of, or access to Personal Information transmitted, stored or otherwise Processed), including but not limited to:
7.1.1 the encryption of Personal Information in transit;
7.1.2 the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
7.1.3 the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical and technical incident; and
7.1.4 a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the Processing.
7.2 Notifications Regarding Personal Information Breach. The Recipient will ensure that it and its Operators have in place reasonable and appropriate security incident management policies and procedures as required by the POPI Act, and shall notify Disclosing Party without undue delay (but in any event within 24 hours) where there are reasonable grounds to believe that there has been, or after becoming aware of, the unlawful or accidental destruction, alteration or damage or loss, unauthorised disclosure of, or access to Personal Information, transmitted, stored or otherwise Processed by the Recipient or Operators of which the Recipient becomes aware (hereinafter, a “Personal Information Breach”), as required to assist the Disclosing Party in ensuring compliance with its:
7.2.1 obligations to notify the Supervisory Authority;
7.2.2 obligations to communicate the Personal Information Breach to the Recipient involved; and
7.2.3 documentation obligation regarding the facts relating to the Personal Information Breach, its effects, and the remedial action taken.
7.3 The Recipient shall make reasonable efforts to identify the cause of such Personal Information Breach and take those steps as it deems necessary and reasonable in order to remediate the cause of such a Personal Information Breach, to the extent that the remediation is within the Recipient’s reasonable control.
7.4 Records. The Recipient shall maintain complete and accurate written records of the Processing it undertakes on behalf of Disclosing Party in accordance with Data Protection Laws and Regulations.
8. RETURN OF PERSONAL INFORMATION, COMMUNICATION
8.1 Return of Personal Information. Unless otherwise required by law, the Recipient and Operators, shall if required in terms of Data Protection Laws and Regulations, upon termination or expiry of the Agreement for whatever reason, either securely delete or return all the Disclosing Party Personal Information to Disclosing Party in accordance with Agreement, or in the absence of a specific destruction provision, the Recipient will ensure it follows its standard Personal Information destruction practices. If the Recipient or its Affiliations are required to retain a copy of the Personal Information by law, it shall retain that which is required by applicable Data Protection Laws and Regulations for not longer than is reasonably necessary.
9. COOPERATION WITH SUPERVISORY AUTHORITY
The Disclosing Party and the Recipient as applicable, shall cooperate, on request, with the Supervisory Authority in the performance of its tasks.
We have implemented appropriate technical and organisational security measures designed to protect Personal Information against accidental or unlawful destruction, loss, alteration, disclosure, access and other unlawful or unauthorised forms of processing. These measures are in accordance with the requirements of POPI.
The internet is an open and often vulnerable system and the transfer of information via the internet is not completely secure. Although we will implement all reasonable measures to protect Personal Information, we cannot guarantee the security of your Personal Information transferred to us using the internet. Therefore, you acknowledge and agree that any transfer of Personal Information via the internet is at your own risk and you are responsible for ensuring that any Personal Information that you send is sent securely. Air Ace Airconditioning assumes no liability for the interception, alteration, or misuse of the information you provide via the internet.
12. DIRECT MARKETING AND OPTING OUT
We may process your Personal Information to contact you to provide you with information about our Services that may be of interest to you. Where we provide Services to you (where you are a customer of ours), we may send information to you regarding our Services and other information, using the contact details that you have provided to us. We will only send you direct marketing communications where you have consented to us sending you direct marketing or otherwise in compliance with POPI, for example if you are our customer.
If you prefer not to receive any or all of these communications, you may opt out from marketing activities by following the directions provided within the electronic newsletters and announcements or by contacting us. After you unsubscribe from marketing activities, we will not send you any direct marketing communications, but we will continue to contact you when necessary in connection with providing you with the Services or in connection with the agreement between us.
13. LODGING A COMPLAINT
If you want to raise any objection or have any queries about our privacy practices, you can contact us at email@example.com
You also have the right to formally lodge a complaint with the Information Regulator:
• Website: https://www.justice.gov.za/
• Address: SALU Building, 316 Thabo Sehume Street, Pretoria